diff --git a/windows/client-management/mdm/declaredconfiguration-csp.md b/windows/client-management/mdm/declaredconfiguration-csp.md
index 4251c9ab44..e9843249a5 100644
--- a/windows/client-management/mdm/declaredconfiguration-csp.md
+++ b/windows/client-management/mdm/declaredconfiguration-csp.md
@@ -1,7 +1,7 @@
---
title: DeclaredConfiguration CSP
description: Learn more about the DeclaredConfiguration CSP.
-ms.date: 09/12/2024
+ms.date: 11/05/2024
---
@@ -45,6 +45,8 @@ The following list shows the DeclaredConfiguration configuration service provide
- [Results](#hostinventoryresults)
- [{DocID}](#hostinventoryresultsdocid)
- [Document](#hostinventoryresultsdociddocument)
+ - [ManagementServiceConfiguration](#managementserviceconfiguration)
+ - [ConflictResolution](#managementserviceconfigurationconflictresolution)
@@ -728,6 +730,93 @@ The Document node's value is an XML based document containing a collection of se
+
+## ManagementServiceConfiguration
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/DeclaredConfiguration/ManagementServiceConfiguration
+```
+
+
+
+
+The ManagementServiceConfiguration node that's used to control certain Windows Declared Configuration behavior.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `node` |
+| Access Type | Get |
+
+
+
+
+
+
+
+
+
+### ManagementServiceConfiguration/ConflictResolution
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/DeclaredConfiguration/ManagementServiceConfiguration/ConflictResolution
+```
+
+
+
+
+This node controls to turn on conflict resolution on and off.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | The conflict resolution is OFF. |
+| 1 | The conflict resolution is ON. |
+
+
+
+
+
+
+
+
## DeclaredConfiguration OMA URI
diff --git a/windows/client-management/mdm/declaredconfiguration-ddf-file.md b/windows/client-management/mdm/declaredconfiguration-ddf-file.md
index 07e2e406e6..6d50da92cb 100644
--- a/windows/client-management/mdm/declaredconfiguration-ddf-file.md
+++ b/windows/client-management/mdm/declaredconfiguration-ddf-file.md
@@ -1,7 +1,7 @@
---
title: DeclaredConfiguration DDF file
description: View the XML file containing the device description framework (DDF) for the DeclaredConfiguration configuration service provider.
-ms.date: 06/28/2024
+ms.date: 11/05/2024
---
@@ -466,6 +466,61 @@ The following XML file contains the device description framework (DDF) for the D
+
+ ManagementServiceConfiguration
+
+
+
+
+ The ManagementServiceConfiguration node that is used to control certain Windows Declared Configuration behavior
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ConflictResolution
+
+
+
+
+
+
+
+ This node controls to turn on conflict resolution on and off.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 0
+ The conflict resolution is OFF.
+
+
+ 1
+ The conflict resolution is ON.
+
+
+
+
+
```
diff --git a/windows/client-management/mdm/laps-csp.md b/windows/client-management/mdm/laps-csp.md
index 76508deef5..b524fe09eb 100644
--- a/windows/client-management/mdm/laps-csp.md
+++ b/windows/client-management/mdm/laps-csp.md
@@ -1,7 +1,7 @@
---
title: LAPS CSP
description: Learn more about the LAPS CSP.
-ms.date: 09/27/2024
+ms.date: 11/05/2024
---
@@ -325,7 +325,7 @@ Note if a custom managed local administrator account name is specified in this s
Use this setting to configure whether the password is encrypted before being stored in Active Directory.
-This setting is ignored if the password is currently being stored in Azure.
+This setting is ignored if the password is currently being stored in Microsoft Entra ID.
This setting is only honored when the Active Directory domain is at Windows Server 2016 Domain Functional Level or higher.
@@ -387,7 +387,7 @@ If not specified, this setting defaults to True.
Use this setting to configure the name or SID of a user or group that can decrypt the password stored in Active Directory.
-This setting is ignored if the password is currently being stored in Azure.
+This setting is ignored if the password is currently being stored in Microsoft Entra ID.
If not specified, the password will be decryptable by the Domain Admins group in the device's domain.
diff --git a/windows/client-management/mdm/laps-ddf-file.md b/windows/client-management/mdm/laps-ddf-file.md
index d32a646434..8924f4d542 100644
--- a/windows/client-management/mdm/laps-ddf-file.md
+++ b/windows/client-management/mdm/laps-ddf-file.md
@@ -1,7 +1,7 @@
---
title: LAPS DDF file
description: View the XML file containing the device description framework (DDF) for the LAPS configuration service provider.
-ms.date: 09/27/2024
+ms.date: 11/05/2024
---
@@ -80,7 +80,7 @@ The following XML file contains the device description framework (DDF) for the L
The allowable settings are:
0=Disabled (password will not be backed up)
-1=Backup the password to Azure AD only
+1=Backup the password to Microsoft Entra ID only
2=Backup the password to Active Directory only
If not specified, this setting will default to 0.
@@ -103,7 +103,7 @@ If not specified, this setting will default to 0.
1
- Backup the password to Azure AD only
+ Backup the password to Microsoft Entra ID only
2
@@ -126,7 +126,7 @@ If not specified, this setting will default to 0.
If not specified, this setting will default to 30 days
-This setting has a minimum allowed value of 1 day when backing the password to onpremises Active Directory, and 7 days when backing the password to Azure AD.
+This setting has a minimum allowed value of 1 day when backing the password to onpremises Active Directory, and 7 days when backing the password to Microsoft Entra ID.
This setting has a maximum allowed value of 365 days.
@@ -154,7 +154,7 @@ This setting has a maximum allowed value of 365 days.
1
- BackupDirectory configured to Azure AD
+ BackupDirectory configured to Microsoft Entra ID
@@ -442,7 +442,7 @@ If not specified, this setting defaults to True.
True
Use this setting to configure whether the password is encrypted before being stored in Active Directory.
-This setting is ignored if the password is currently being stored in Azure.
+This setting is ignored if the password is currently being stored in Microsoft Entra ID.
This setting is only honored when the Active Directory domain is at Windows Server 2016 Domain Functional Level or higher.
@@ -499,7 +499,7 @@ If not specified, this setting defaults to True.
Use this setting to configure the name or SID of a user or group that can decrypt the password stored in Active Directory.
-This setting is ignored if the password is currently being stored in Azure.
+This setting is ignored if the password is currently being stored in Microsoft Entra ID.
If not specified, the password will be decryptable by the Domain Admins group in the device's domain.
diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md
index 2b322e0891..3dcbc10721 100644
--- a/windows/client-management/mdm/passportforwork-csp.md
+++ b/windows/client-management/mdm/passportforwork-csp.md
@@ -1,7 +1,7 @@
---
title: PassportForWork CSP
description: Learn more about the PassportForWork CSP.
-ms.date: 08/06/2024
+ms.date: 11/05/2024
---
@@ -265,7 +265,7 @@ If the user forgets their PIN, it can be changed to a new PIN using the Windows
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
diff --git a/windows/client-management/mdm/passportforwork-ddf.md b/windows/client-management/mdm/passportforwork-ddf.md
index c94b22aed5..e53fb8e225 100644
--- a/windows/client-management/mdm/passportforwork-ddf.md
+++ b/windows/client-management/mdm/passportforwork-ddf.md
@@ -1,7 +1,7 @@
---
title: PassportForWork DDF file
description: View the XML file containing the device description framework (DDF) for the PassportForWork configuration service provider.
-ms.date: 06/28/2024
+ms.date: 11/05/2024
---
@@ -831,7 +831,7 @@ If you disable or do not configure this policy setting, the PIN recovery secret
- 99.9.99999
+ 10.0.22621
1.6
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
index ebfe368e86..ea1f4f9b24 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
@@ -1,7 +1,7 @@
---
title: Policies supported by Windows 10 Team
description: Learn about the policies supported by Windows 10 Team.
-ms.date: 08/06/2024
+ms.date: 11/05/2024
---
@@ -417,6 +417,7 @@ This article lists the policies that are applicable for the Surface Hub operatin
- [ExcludeJapaneseIMEExceptJIS0208andEUDC](policy-csp-textinput.md#excludejapaneseimeexceptjis0208andeudc)
- [ExcludeJapaneseIMEExceptShiftJIS](policy-csp-textinput.md#excludejapaneseimeexceptshiftjis)
- [ForceTouchKeyboardDockedState](policy-csp-textinput.md#forcetouchkeyboarddockedstate)
+- [TouchKeyboardControllerModeAvailability](policy-csp-textinput.md#touchkeyboardcontrollermodeavailability)
- [TouchKeyboardDictationButtonAvailability](policy-csp-textinput.md#touchkeyboarddictationbuttonavailability)
- [TouchKeyboardEmojiButtonAvailability](policy-csp-textinput.md#touchkeyboardemojibuttonavailability)
- [TouchKeyboardFullModeAvailability](policy-csp-textinput.md#touchkeyboardfullmodeavailability)
diff --git a/windows/client-management/mdm/policies-in-preview.md b/windows/client-management/mdm/policies-in-preview.md
index 2c62565783..57e70841a5 100644
--- a/windows/client-management/mdm/policies-in-preview.md
+++ b/windows/client-management/mdm/policies-in-preview.md
@@ -1,7 +1,7 @@
---
title: Configuration service provider preview policies
description: Learn more about configuration service provider (CSP) policies that are available for Windows Insider Preview.
-ms.date: 09/27/2024
+ms.date: 11/05/2024
---
@@ -29,10 +29,17 @@ This article lists the policies that are applicable for Windows Insider Preview
- [EnablePhysicalDeviceAccessOnErrorScreens](clouddesktop-csp.md#userenablephysicaldeviceaccessonerrorscreens)
- [EnableBootToCloudSharedPCMode](clouddesktop-csp.md#deviceenableboottocloudsharedpcmode)
+## Connectivity
+
+- [UseCellularWhenWiFiPoor](policy-csp-connectivity.md#usecellularwhenwifipoor)
+- [DisableCellularSettingsPage](policy-csp-connectivity.md#disablecellularsettingspage)
+- [DisableCellularOperatorSettingsPage](policy-csp-connectivity.md#disablecellularoperatorsettingspage)
+
## DeclaredConfiguration CSP
- [Document](declaredconfiguration-csp.md#hostcompletedocumentsdociddocument)
- [Abandoned](declaredconfiguration-csp.md#hostcompletedocumentsdocidpropertiesabandoned)
+- [ConflictResolution](declaredconfiguration-csp.md#managementserviceconfigurationconflictresolution)
## DeliveryOptimization
@@ -52,6 +59,10 @@ This article lists the policies that are applicable for Windows Insider Preview
- [MdmAgentInstalled](devicepreparation-csp.md#mdmprovidermdmagentinstalled)
- [RebootRequired](devicepreparation-csp.md#mdmproviderrebootrequired)
+## Display
+
+- [ConfigureMultipleDisplayMode](policy-csp-display.md#configuremultipledisplaymode)
+
## DMClient CSP
- [DiscoveryEndpoint](dmclient-csp.md#deviceproviderprovideridlinkedenrollmentdiscoveryendpoint)
@@ -97,7 +108,6 @@ This article lists the policies that are applicable for Windows Insider Preview
## PassportForWork CSP
-- [EnableWindowsHelloProvisioningForSecurityKeys](passportforwork-csp.md#devicetenantidpoliciesenablewindowshelloprovisioningforsecuritykeys)
- [DisablePostLogonProvisioning](passportforwork-csp.md#devicetenantidpoliciesdisablepostlogonprovisioning)
## Reboot CSP
@@ -112,6 +122,10 @@ This article lists the policies that are applicable for Windows Insider Preview
- [ExchangeModernAuthEnabled](surfacehub-csp.md#deviceaccountexchangemodernauthenabled)
+## TextInput
+
+- [TouchKeyboardControllerModeAvailability](policy-csp-textinput.md#touchkeyboardcontrollermodeavailability)
+
## Update
- [AllowTemporaryEnterpriseFeatureControl](policy-csp-update.md#allowtemporaryenterprisefeaturecontrol)
diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md
index 1a15adf8c0..5ed3127e3f 100644
--- a/windows/client-management/mdm/policy-csp-connectivity.md
+++ b/windows/client-management/mdm/policy-csp-connectivity.md
@@ -1,7 +1,7 @@
---
title: Connectivity Policy CSP
description: Learn more about the Connectivity Area in Policy CSP.
-ms.date: 04/10/2024
+ms.date: 11/05/2024
---
@@ -11,6 +11,8 @@ ms.date: 04/10/2024
[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)]
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
@@ -584,6 +586,104 @@ Also, see the "Web-based printing" policy setting in Computer Configuration/Admi
+
+## DisableCellularOperatorSettingsPage
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Connectivity/DisableCellularOperatorSettingsPage
+```
+
+
+
+
+This policy makes all configurable settings in the 'Cellular' > 'Mobile operator settings' page read-only.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Disabled. |
+| 1 | Enabled. |
+
+
+
+
+
+
+
+
+
+## DisableCellularSettingsPage
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Connectivity/DisableCellularSettingsPage
+```
+
+
+
+
+This policy makes all configurable settings in the 'Cellular' Settings page read-only.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Disabled. |
+| 1 | Enabled. |
+
+
+
+
+
+
+
+
## DisableDownloadingOfPrintDriversOverHTTP
@@ -899,6 +999,55 @@ If you disable this setting or don't configure it, the user will be able to crea
+
+## UseCellularWhenWiFiPoor
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Connectivity/UseCellularWhenWiFiPoor
+```
+
+
+
+
+This policy allows the use of a cellular connection when Wi-Fi connectivity is limited.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 1 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | Disabled. |
+| 1 (Default) | Enabled. |
+
+
+
+
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md
index 8f021f8337..01753099d8 100644
--- a/windows/client-management/mdm/policy-csp-display.md
+++ b/windows/client-management/mdm/policy-csp-display.md
@@ -1,7 +1,7 @@
---
title: Display Policy CSP
description: Learn more about the Display Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 11/05/2024
---
@@ -9,10 +9,72 @@ ms.date: 01/18/2024
# Policy CSP - Display
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
+
+## ConfigureMultipleDisplayMode
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Display/ConfigureMultipleDisplayMode
+```
+
+
+
+
+This policy set the default display to set the arrangement between cloning or extending.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 1 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | Default. |
+| 1 (Default) | Clone. |
+| 2 | Extend. |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | ConfigureMultipleDisplayMode |
+| Path | Display > AT > System > DisplayCat |
+| Element Name | ConfigureMultipleDisplayModePrompt |
+
+
+
+
+
+
+
+
## DisablePerProcessDpiForApps
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index 031f151e0e..bdd4e1fcd0 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -1,7 +1,7 @@
---
title: LocalPoliciesSecurityOptions Policy CSP
description: Learn more about the LocalPoliciesSecurityOptions Area in Policy CSP.
-ms.date: 09/27/2024
+ms.date: 11/05/2024
---
@@ -388,10 +388,27 @@ Audit: Audit the use of Backup and Restore privilege This security setting deter
|:--|:--|
| Format | `b64` |
| Access Type | Add, Delete, Get, Replace |
-| Allowed Values | List (Delimiter: ``) |
-| Default Value | 00 |
+| Default Value | AA== |
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| AQ== | Enable. |
+| AA== (Default) | Disable. |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Audit: Audit the use of Backup and Restore privilege |
+| Path | Windows Settings > Security Settings > Local Policies > Security Options |
+
+
diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
index 70acc4ac5e..a3d59bef8b 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@@ -1,7 +1,7 @@
---
title: RemoteDesktopServices Policy CSP
description: Learn more about the RemoteDesktopServices Area in Policy CSP.
-ms.date: 09/27/2024
+ms.date: 11/05/2024
---
@@ -156,7 +156,7 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2461] and later
✅ [10.0.25398.887] and later
✅ Windows 10, version 2004 [10.0.19041.4474] and later
✅ Windows 11, version 21H2 with [KB5037770](https://support.microsoft.com/help/5037770) [10.0.22000.2960] and later
✅ Windows 11, version 22H2 with [KB5037771](https://support.microsoft.com/help/5037771) [10.0.22621.3593] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -217,7 +217,7 @@ This policy applies only when using legacy authentication to authenticate to the
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2461] and later
✅ [10.0.25398.887] and later
✅ Windows 10, version 2004 [10.0.19041.4474] and later
✅ Windows 11, version 21H2 with [KB5037770](https://support.microsoft.com/help/5037770) [10.0.22000.2960] and later
✅ Windows 11, version 22H2 with [KB5037771](https://support.microsoft.com/help/5037771) [10.0.22621.3593] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md
index 359c78a5c8..ef469c7c40 100644
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@@ -1,7 +1,7 @@
---
title: TextInput Policy CSP
description: Learn more about the TextInput Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 11/05/2024
---
@@ -9,6 +9,8 @@ ms.date: 01/18/2024
# Policy CSP - TextInput
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
@@ -1172,6 +1174,56 @@ Specifies the touch keyboard is always docked. When this policy is set to enable
+
+## TouchKeyboardControllerModeAvailability
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/TextInput/TouchKeyboardControllerModeAvailability
+```
+
+
+
+
+Specifies whether the controller keyboard mode is enabled or disabled for the touch keyboard. When this policy is set to disabled, the controller keyboard mode for touch keyboard is disabled.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | The OS determines when it's most appropriate to be available. |
+| 1 | Controller keyboard is always available. |
+| 2 | Controller keyboard is always disabled. |
+
+
+
+
+
+
+
+
## TouchKeyboardDictationButtonAvailability
diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md
index 677a40fffb..547985d9b2 100644
--- a/windows/client-management/mdm/policy-csp-wifi.md
+++ b/windows/client-management/mdm/policy-csp-wifi.md
@@ -1,7 +1,7 @@
---
title: Wifi Policy CSP
description: Learn more about the Wifi Area in Policy CSP.
-ms.date: 01/31/2024
+ms.date: 11/05/2024
---
@@ -188,10 +188,7 @@ By default, ICS is disabled when you create a remote access connection, but admi
-Allow or disallow connecting to Wi-Fi outside of MDM server-installed networks. Most restricted value is 0.
-
-> [!NOTE]
-> Setting this policy deletes any previously installed user-configured and Wi-Fi sense Wi-Fi profiles from the device. Certain Wi-Fi profiles that aren't user configured nor Wi-Fi sense might not be deleted. In addition, not all non-MDM profiles are completely deleted.
+Allow or block connections to Wi-Fi outside of MDM server-installed networks. If you change this setting to Block, you must deploy enterprise Wi-Fi profiles to the device using the Wi-Fi CSP before you apply this setting. Otherwise, the device will go offline since it won't be able to connect to Wi-Fi. Note that choosing to block Wi-Fi connections will delete any previously installed user-configured Wi-Fi profiles from the device, though not all non-MDM profiles will be deleted.
diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md
index 642e2df000..72d541101b 100644
--- a/windows/client-management/mdm/policy-csp-windowsai.md
+++ b/windows/client-management/mdm/policy-csp-windowsai.md
@@ -1,7 +1,7 @@
---
title: WindowsAI Policy CSP
description: Learn more about the WindowsAI Area in Policy CSP.
-ms.date: 09/27/2024
+ms.date: 11/05/2024
---
@@ -286,10 +286,9 @@ This policy setting allows you to turn off Windows Copilot.
-
-> [!Note]
-> - The TurnOffWindowsCopilot policy isn't for the [new Copilot experience](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/evolving-copilot-in-windows-for-your-workforce/ba-p/4141999) that's in some [Windows Insider builds](https://blogs.windows.com/windows-insider/2024/05/22/releasing-windows-11-version-24h2-to-the-release-preview-channel/) and that will be gradually rolling out to Windows 11 and Windows 10 devices.
+> [!NOTE]
+> - The TurnOffWindowsCopilot policy isn't for the [new Copilot experience](https://techcommunity.microsoft.com/blog/windows-itpro-blog/evolving-copilot-in-windows-for-your-workforce/4141999) that's in some [Windows Insider builds](https://blogs.windows.com/windows-insider/2024/05/22/releasing-windows-11-version-24h2-to-the-release-preview-channel/) and that will be gradually rolling out to Windows 11 and Windows 10 devices.
diff --git a/windows/configuration/taskbar/index.md b/windows/configuration/taskbar/index.md
index 6ef2fe06f6..aefd8d2b6e 100644
--- a/windows/configuration/taskbar/index.md
+++ b/windows/configuration/taskbar/index.md
@@ -1,8 +1,8 @@
---
-title: Configure the Windows taskbar
+title: Configure the Windows Taskbar Using Policy Settings
description: Learn how to configure the Windows taskbar to provide quick access to the tools and applications that users need most.
ms.topic: how-to
-ms.date: 04/17/2024
+ms.date: 11/07/2024
ms.collection:
- essentials-manage
appliesto:
diff --git a/windows/configuration/taskbar/pinned-apps.md b/windows/configuration/taskbar/pinned-apps.md
index b29c96b947..d2454b1e79 100644
--- a/windows/configuration/taskbar/pinned-apps.md
+++ b/windows/configuration/taskbar/pinned-apps.md
@@ -1,8 +1,8 @@
---
-title: Configure the applications pinned to the taskbar
+title: Configure the Windows Taskbar Pinned Apps with Policy Settings
description: Learn how to configure the applications pinned to the Windows taskbar.
ms.topic: how-to
-ms.date: 04/17/2024
+ms.date: 11/07/2024
appliesto:
zone_pivot_groups: windows-versions-11-10
---
@@ -20,15 +20,15 @@ To learn about all the policy settings to customize the taskbar layout and confi
Here are some considerations before you start configuring the taskbar pinned applications:
-- There's no limit to the number of apps that you can pin
-- In the XML file, add apps using the Application User Model ID (AUMID), the Desktop Application ID, or the Desktop Application Link Path
-- Some classic Windows applications are packaged differently than they were in previous versions of Windows, including Notepad and File Explorer. Make sure to enter the correct Application ID. To learn more, see [Find the Application User Model ID of an installed app](../store/find-aumid.md)
-- If you specify an app to be pinned that isn't provisioned for the user on the device, the pinned icon doesn't appear on the taskbar
+- There's no limit to the number of apps that you can pin.
+- In the XML file, add apps using the Application User Model ID (AUMID), the Desktop Application ID, or the Desktop Application Link Path.
+- Some classic Windows applications are packaged differently than they were in previous versions of Windows, including Notepad and File Explorer. Make sure to enter the correct Application ID. To learn more, see [Find the Application User Model ID of an installed app](../store/find-aumid.md).
+- If you specify an app to be pinned that isn't provisioned for the user on the device, the pinned icon doesn't appear on the taskbar.
- The order of applications in the XML file dictates the order of pinned apps on the taskbar, from left to right. If the OS is configured to use a right-to-left language, then the taskbar order is reversed
- Applications can be pinned using the following methods:
- - Default Windows apps, pinned during the OS installation. For example: Microsoft Edge, File Explorer, and Store. These applications are pinned first (blue square)
- - Pinned manually by the user. These applications are usually pinned next to the default pinned apps (red circle)
- - Pinned via policy settings. These applications are pinned after the apps pinned manually by the user (green triangle)
+ - Default Windows apps, pinned during the OS installation. For example: Microsoft Edge, File Explorer, and Store. These applications are pinned first (blue square).
+ - Pinned manually by the user. These applications are usually pinned next to the default pinned apps (red circle).
+ - Pinned via policy settings. These applications are pinned after the apps pinned manually by the user (green triangle).
::: zone pivot="windows-10"
@@ -46,15 +46,23 @@ Here are some considerations before you start configuring the taskbar pinned app
The following steps describe how to configure the taskbar pinned applications using policy settings:
-1. Create the XML file. You can start with the [XML example](#taskbar-layout-example)
-1. Edit the XML file to meet your requirements and save it
-1. Deploy the XML file to devices using configuration service provider (CSP), provisioning packages (PPKG), or group policy (GPO)
+1. Create the XML file. You can start with the [XML example](#taskbar-layout-example).
+1. Edit the XML file to meet your requirements and save it.
+1. Deploy the XML file to devices using configuration service provider (CSP), provisioning packages (PPKG), or group policy (GPO).
-> [!IMPORTANT]
-> If you use a provisioning package to configure the taskbar, your configuration will be reapplied each time the `explorer.exe` process restarts. If your configuration pins an app and the user then unpins that app, the user's change will be overwritten the next time the configuration is applied. To apply a taskbar configuration that allows users to make changes that will persist, apply your configuration by using CSP or GPO.
+### Taskbar configuration and policy refresh
+
+Depending on the method you use to configure the taskbar, the configuration is reapplied at different intervals. When the taskbar configuration is reapplied, user changes are overwritten.
+
+| Configuration method | Reapplied interval |
+|--|--|
+| Configuration service provider (CSP) | Every 8 hours or based on the [ConfigRefresh](/windows/client-management/mdm/dmclient-csp#deviceproviderprovideridconfigrefresh) interval. |
+| Provisioning package (PPKG) | Each time the `explorer.exe` process restarts. |
+| Group policy (GPO) | In case of a group policy change. |
> [!CAUTION]
-> The use of the `Import-StartLayout` PowerShell cmdlet to provision the Taskbar layout is no longer supported in Windows 11. The only supported configuration in Windows 11 is to use a provisioning package.
+> The use of the `Import-StartLayout` PowerShell cmdlet to provision the Taskbar layout is no longer supported in Windows 11.
+
::: zone pivot="windows-10"
>[!NOTE]
@@ -78,13 +86,13 @@ Here you can find an example of taskbar layout that you can use as a reference:
You can change the apps pinned to the taskbar by modifying the `` node.
1. In the `` node, add (or remove) the apps you want pinned. You can pin Universal Windows Platform (UWP) apps and desktop apps:
- - ``: Select this option for UWP apps. Add the *AUMID* of the UWP app
- - ``: Select this option for desktop apps. Add the *Desktop Application ID* or the *Desktop Application Link Path* of the desktop app
+ - ``: Select this option for UWP apps. Add the *AUMID* of the UWP app.
+ - ``: Select this option for desktop apps. Add the *Desktop Application ID* or the *Desktop Application Link Path* of the desktop app.
1. In the `` node, the apps you add are pinned after the default apps. If you want to remove the default apps, and only show the apps you add in the XML file, then add `PinListPlacement="Replace"`:
- - ``: Keeps the default pinned apps. After the default apps, the apps you add are pinned
- - ``: Unpins the default apps. Only the apps you add are pinned. If you want to remove some of the default pinned apps, then add `PinListPlacement="Replace"`. When you add your apps to ``, include the default apps you still want pinned
-1. In the `` node, use `region=" | "` to use different taskbar configurations based on the device locale and region
-1. Save the file
+ - ``: Keeps the default pinned apps. After the default apps, the apps you add are pinned.
+ - ``: Unpins the default apps. Only the apps you add are pinned. If you want to remove some of the default pinned apps, then add `PinListPlacement="Replace"`. When you add your apps to ``, include the default apps you still want pinned.
+1. In the `` node, use `region=" | "` to use different taskbar configurations based on the device locale and region.
+1. Save the file.
For practical examples of how to add, remove, or replace pinned apps, see the following sections:
@@ -147,8 +155,8 @@ In the following XML example, two regions are added: `US|UK` and `DE|FR|IT`:
[!INCLUDE [example](includes/example-region.md)]
-- If the `` node has region matching the one configured on the device, then the configuration applies
-- If the `` node doesn't have a region matching the one configured on the device, then the first `` node without region applies
+- If the `` node has region matching the one configured on the device, then the configuration applies.
+- If the `` node doesn't have a region matching the one configured on the device, then the first `` node without region applies.
> [!NOTE]
> [Look up country and region codes (use the ISO Short column)](/previous-versions/commerce-server/ee799297(v=cs.20))
@@ -212,15 +220,15 @@ After the taskbar layout is applied, the users must sign out and sign in again t
On a clean install of Windows, if you apply a taskbar layout, the following apps are pinned to the taskbar:
-- Any default apps you don't remove
-- Apps that you specifically pin in the XML file
+- Any default apps you don't remove.
+- Apps that you specifically pin in the XML file.
On a Windows OS upgrade, apps are already pinned to the taskbar. The taskbar layout applies the following logic:
-- If users pinned apps to the taskbar, then those pinned apps remain. New apps are pinned after the existing user-pinned apps
-- If the apps are pinned during the install or by a policy (not by a user), and the apps aren't pinned in an updated layout file, then the apps are unpinned
-- If a user didn't pin an app, and the same app is pinned in the updated layout file, then the app is pinned after any existing pinned apps
-- New apps in updated layout file are pinned after the user's pinned apps
+- If users pinned apps to the taskbar, then those pinned apps remain. New apps are pinned after the existing user-pinned apps.
+- If the apps are pinned during the install or by a policy (not by a user), and the apps aren't pinned in an updated layout file, then the apps are unpinned.
+- If a user didn't pin an app, and the same app is pinned in the updated layout file, then the app is pinned after any existing pinned apps.
+- New apps in updated layout file are pinned after the user's pinned apps.
If you apply the taskbar configuration to a clean install or an update, users can still:
diff --git a/windows/configuration/taskbar/policy-settings.md b/windows/configuration/taskbar/policy-settings.md
index 72ca73538b..ed1b04da64 100644
--- a/windows/configuration/taskbar/policy-settings.md
+++ b/windows/configuration/taskbar/policy-settings.md
@@ -1,8 +1,8 @@
---
-title: Taskbar policy settings
-description: Learn about the policy settings to configure the Windows taskbar.
+title: List of the Policy Settings To Configure the Windows Taskbar
+description: Learn about the CSP and GPO policy settings to configure the Windows taskbar.
ms.topic: reference
-ms.date: 04/17/2024
+ms.date: 11/07/2024
appliesto:
zone_pivot_groups: windows-versions-11-10
---
diff --git a/windows/configuration/taskbar/xsd.md b/windows/configuration/taskbar/xsd.md
index c6d5ded3aa..351c262871 100644
--- a/windows/configuration/taskbar/xsd.md
+++ b/windows/configuration/taskbar/xsd.md
@@ -1,8 +1,8 @@
---
-title: Taskbar XML Schema Definition (XSD)
-description: Taskbar XSD reference article.
+title: Windows Taskbar XML Schema Definition (XSD)
+description: Reference article about the Taskbar XML schema definition (XSD).
ms.topic: reference
-ms.date: 02/15/2024
+ms.date: 11/07/2024
---
# Taskbar XML Schema Definition (XSD)
diff --git a/windows/deployment/do/mcc-ent-create-resource-and-cache.md b/windows/deployment/do/mcc-ent-create-resource-and-cache.md
index bae29c6ffa..9340c11d38 100644
--- a/windows/deployment/do/mcc-ent-create-resource-and-cache.md
+++ b/windows/deployment/do/mcc-ent-create-resource-and-cache.md
@@ -303,16 +303,14 @@ Navigate to the Connected Cache resource to delete, then select the **Delete** o
# [Azure CLI](#tab/cli)
-Use the following command to delete the Connected Cache resource.
+Use the following command to delete the cache node under the resource.
Replace the following placeholders with your own information:
* *\*: Name of the resource group in your subscription.
* *\*: Name of your Microsoft Connected Cache for Enterprise resource.
-* *\*: The name for your Microsoft Connected Cache node.
-
```azurecli-interactive
-az mcc ent node delete --cache-node-name --mcc-resource-name --resource-group
+az mcc ent resource delete --mcc-resource-name --resource-group
```
---
@@ -323,16 +321,19 @@ On the left pane, select **Cache Nodes** under **Cache Node Management** to see
# [Azure CLI](#tab/cli)
-Use the following command to delete the cache node under the resource.
+Use the following command to delete the Connected Cache node.
Replace the following placeholders with your own information:
* *\*: Name of the resource group in your subscription.
* *\*: Name of your Microsoft Connected Cache for Enterprise resource.
+* *\*: The name for your Microsoft Connected Cache node.
+
```azurecli-interactive
-az mcc ent node delete --mcc-resource-name --resource-group
+az mcc ent node delete --cache-node-name --mcc-resource-name --resource-group
```
+
---
@@ -345,4 +346,4 @@ az mcc ent node delete --mcc-resource-name --resource-group * In the output look for cacheNodeState. If **cacheNodeState = Not Provisioned**, you can continue with cache node provisioning.
>* If **cacheNodeState = Not Configured**, then the cache node has not been configured. Configure the cache node before provisioning.
-### Example script:
+
+
+## Next step
+
+To deploy the cache node to a **Windows** host machine, see
+>[!div class="nextstepaction"]
+>[Deploy cache node to Windows](mcc-ent-deploy-to-windows.md)
+
+To deploy the cache node to a **Linux** host machine, see
+>[!div class="nextstepaction"]
+>[Deploy cache node to Linux](mcc-ent-deploy-to-linux.md)
+
+
+
+### Example script to bulk create and configure multiple cache nodes:
Below is a pseudocode example of how to script bulk creation and configuration of a Connected Cache Azure resource and multiple Connected Cache cache nodes:
@@ -199,12 +213,3 @@ for ($cacheNodeNumber = 1; $cacheNodeNumber -le $cacheNodesToCreate; $cacheNodeN
```
---
-## Next step
-
-To deploy the cache node to a **Windows** host machine, see
->[!div class="nextstepaction"]
->[Deploy cache node to Windows](mcc-ent-deploy-to-windows.md)
-
-To deploy the cache node to a **Linux** host machine, see
->[!div class="nextstepaction"]
->[Deploy cache node to Linux](mcc-ent-deploy-to-linux.md)
diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md
index 8cf6fab2bd..cc988cacb3 100644
--- a/windows/deployment/update/media-dynamic-update.md
+++ b/windows/deployment/update/media-dynamic-update.md
@@ -13,7 +13,7 @@ appliesto:
- ✅ Windows 11
- ✅ Windows 10
- ✅ Windows Server
-ms.date: 10/15/2024
+ms.date: 11/06/2024
---
# Update Windows installation media with Dynamic Update
@@ -121,7 +121,7 @@ Optional Components, along with the .NET feature, can be installed offline, howe
### Checkpoint cumulative updates
-Starting with Windows 11, version 24H2, the latest cumulative update may have a prerequisite cumulative update that is required to be installed first. These are known as checkpoint cumulative updates. In these cases, the cumulative update file level differentials are based on a previous cumulative update instead of the Windows RTM release. The benefit is a smaller update package and faster installation. When you obtain the latest cumulative update from the [Microsoft Update Catalog](https://catalog.update.microsoft.com), checkpoint cumulative updates will be available from the download button. In addition, the knowledge base article for the cumulative update will provide additional information.
+Starting with Windows 11, version 24H2, and Windows Server 2025, the latest cumulative update may have a prerequisite cumulative update that is required to be installed first. These are known as checkpoint cumulative updates. In these cases, the cumulative update file level differentials are based on a previous cumulative update instead of the Windows RTM release. The benefit is a smaller update package and faster installation. When you obtain the latest cumulative update from the [Microsoft Update Catalog](https://catalog.update.microsoft.com), checkpoint cumulative updates will be available from the download button. In addition, the knowledge base article for the cumulative update will provide additional information.
To install the checkpoint(s) when servicing the Windows OS (steps 9 & 12) and WinPE (steps 17 & 23), call `Add-WindowsPackage` with the target cumulative update. The folder from `-PackagePath` will be used to discover and install one or more checkpoints as needed. Only the target cumulative update and checkpoint cumulative updates should be in the `-PackagePath` folder. Cumulative update packages with a revision <= the target cumulative update will be processed. If you are not customizing the image with additional languages and/or optional features, then separate calls to `Add-WindowsPackage` (checkpoint cumulative updates first) can be used for steps 9 & 17 above. Separate calls cannot be used for steps 12 and 23.